Home

Tip to improve xss app!!! Open gate of brain with salvia divnorim and read. Different programming language has differnt libs so write this apl in different lang if u can.. New ideas can come Dombased and other xss type should be taken care.. They are essential for making a good app. Learning programming concepts/idea is also good... Like xssniper has option of cookie, some collect data to find info recon and search for xss.. Xsser is good but have lot of options and they just destroy the mood, hang often or dont work. Tamperscript such as encoding and dob.. Encoding script is essential. Even u can learn from sqlmap.similarly other things are to be considwred while developing and improving xss apps. New modifications

Xss is not in input only its ecerywhere in headers.. Wherever it gets reflected its there.. If u store some data then ther's xss.. Moreover xss maybe in post data and lots.. So develop your app so that it places payload everywhere and test for response.. Create a domain... Play with domain and your app.. Increase security of domain so that certain script only work.. Then use your app test it

HEY ADD FEATURE OF --cookie parameter beacause you cant test in on many web sites and apps like bWAPP ,dvwa. 1)First install bWAPP and goto Reflected XSS page. 2)Then try using the app. It will fail . 3)Use burp to see the request and find cookie parameter 4)Download XSSniper app and using --cookie="cookiedata" you can find xss vulnerability but doesnt work in other app as it doesnt have --cookie feature.Plz make this feature available. moreover

HEY. FROM HERE REQUEST OF NEW SECOND FEATURE STARTS. What is the best way of earning money.. Creating a good app(no app shouldnt be sold for money as it will decrease no of users) but.. Since people use this app for bug hunting and if they get xss with this app maybe they donate some amount to app dev.. I too do that..so you will earn much if much people use it and to make people use it u have to continuosly develop. And many others do so create a goood app.. It will be beneficial for both devs and other.. Create --cookie feature to specify cookie --header to specify header and so on. Make a feature called --file feature from which we can add our custom payload.. Once payload from a line.. Make sure while adding custom payload it detects properly.. Xss can be known by alert(1), prompt(1),console. Log, document. Write etx.. Sometimes console.log is a good payload and triggers xss while app dont show.. Read all python libs, import much increase its uses.. Use bwapp.. Try big.. So make a feature in which when we add custom payload in file and it takes line by line and exec (suppose my payload is ">document.write("alrrt") so most xss app are based on alert and thus this will be rendered as useless payload but manual testing proves it a payload.. So try adding features of console.log, prompy and other payload too.. Remember bWAPP and dvwa is your playground for imprving your app.. Just like sqlmap try to exec xss in usr agent and other agent by reading request.. Just like sqlmap -r requestfilename does all the sqli finding job your app should also do.. Your app should read the request try to exec xss in request like usr agent and other.. You should make your app big.. Learn from other.. Start from small.. Keep on developing.. Also check for false positives too in your playground.. Use a xss list from file and create tamper script too like sqlmap.. Waf filter so create a feature in which it takes a single line from a txt file use it as payload and apply tamper script if specified such as RaNDomcASe etc. I m your huge fan of good xss app and. Many people like me donate large money to maker of app from which i get bounty.. So develop properly. Think freely. Give options not many.. Automate things not much.. Improve your app ok